package com.aabte.permissionframeworklearn.apacheshirodemo.shiro;

import org.apache.shiro.cache.MemoryConstrainedCacheManager;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.filter.mgt.DefaultFilter;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.LinkedHashMap;
import java.util.Map;

/**
 * @author Daniel
 */
@Configuration
public class ShiroConfig {

    @Bean
    public CredentialMatcher credentialMatcher() {
        return new CredentialMatcher();
    }

    @Bean
    public AuthRealm authRealm(CredentialMatcher credentialMatcher) {
        AuthRealm authRealm = new AuthRealm();
        // 设置密码检验器
        authRealm.setCredentialsMatcher(credentialMatcher);
        // 使用内存缓存
        authRealm.setCacheManager(new MemoryConstrainedCacheManager());
        return authRealm;
    }

    @Bean
    public SecurityManager securityManager(AuthRealm authRealm) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(authRealm);
        return securityManager;
    }

    @Bean
    public ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);

        shiroFilterFactoryBean.setLoginUrl("/login");
        shiroFilterFactoryBean.setSuccessUrl("/index");
        shiroFilterFactoryBean.setUnauthorizedUrl("/unauthorized");

        Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
        // value的值对应org.apache.shiro.web.filter.mgt.DefaultFilter枚举类
        // 允许匿名用户访问
        filterChainDefinitionMap.put("/index", DefaultFilter.anon.name());
        filterChainDefinitionMap.put("/", DefaultFilter.anon.name());
        filterChainDefinitionMap.put("/login", DefaultFilter.anon.name());
        filterChainDefinitionMap.put("/loginUser", DefaultFilter.anon.name());
        // 数据库连接池监控
        filterChainDefinitionMap.put("/druid/**", DefaultFilter.anon.name());
        // 拥有admin角色才能访问
        filterChainDefinitionMap.put("/admin", DefaultFilter.roles.name() + "[admin]");
        // 拥有edit权限才能访问
        filterChainDefinitionMap.put("/edit", DefaultFilter.perms.name() + "[edit]");
        //其它接口需要登陆才能访问
        filterChainDefinitionMap.put("/**", DefaultFilter.user.name());
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);

        return shiroFilterFactoryBean;
    }

    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
        advisor.setSecurityManager(securityManager);
        return advisor;
    }

    @Bean
    public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
        DefaultAdvisorAutoProxyCreator autoProxyCreator = new DefaultAdvisorAutoProxyCreator();
        autoProxyCreator.setProxyTargetClass(true);
        return autoProxyCreator;
    }


}
